The Story behind the Nigerian Phishing Scam

In the 1990s, Africa's richest countries in terms of resources -- Nigeria and Zaire -- had dictators who were pushed out of power, leading to an international publicity campaign to freeze international bank accounts of their families and friends.

The scam, commonly known as "advance fee fraud," has evolved with technological development to include phishing scams -- which use fake sites -- and keyloggers at cybercafés that steal e-mail login information and send distress calls to contacts.

The scams have also evolved to include social-networking sites and mobile-phone technology, and are taking advantage of global events such as the upcoming FIFA World Cup in South Africa.

"As ICTs [became] more sophisticated, advance fee scams evolved to take advantage of new mediums such as instant messaging and online social networks (Facebook, LinkedIn, Ning), and in the process became the global phenomenon [they are] today," said Bill Zimmerman, CEO and founder of Limbelabs in Cameroon.

In the early scam messages, an e-mail would be sent introducing the sender as the wife/son/daughter or close family member of a former ruling family but would demand "an advance fee" before starting the transaction. In other e-mail, the contact would claim to have been awarded a huge government mining contract and would invite the "investor" to the country, where they would meet with fake government officials.

Nigeria Takes Action

Nigeria is probably the best-known African country where advance-fee-fraud scams originate. Indeed, the scams are known as 419 scams, after section 419 of the Nigerian penal code, which prohibits the crime.

"It's generally accepted that the 419 scams originated in Nigeria, and there is a growing perception that the miscreants involved have now started relocating to neighboring countries," said Steve Santorelli, director of Global Outreach at Team Cymru, an Internet security research firm.

Last year, Nigeria's Economic and Financial Crimes Commission (EFCC) launched an awareness campaign. It also instituted a ban on nighttime Web browsing in public places, conducted raids on cybercafés in Lagos and other cities, and succeeded in making some highly publicized arrests, but the problem has not been fully stamped out.

"Cybercafés are fertile ground for this type of scam; once a keystroke logger is installed on a café computer, the machine becomes a harvester of login information for every other person who uses it; it's one reason I advise travelers to carry a netbook or smartphone, rather than using a public machine," added Limbelabs' Zimmerman.

In one of the latest scams, criminals take over e-mail accounts and send messages to contacts, saying the person is stuck in Nigeria after being robbed and needs money to sort hotel bills. The e-mail then gives an alternative e-mail address where the contact can send money via Western Union or any other form of instant transfer.

Ghana, one of the largest gold producers on the continent, has taken a firm step against criminals who target international business investors. The government sends security officers to the airports for routine checks.

"The government of Ghana routinely dispatches security agents to the international airport in Accra; the security personnel invite visiting foreigners and their Ghanaian or African hosts to the airport police station for questioning when the hosts (upon arrival at the airport to pick up their guests) appear suspicious," said Yaw Owusu, managing director of Gateway Innovations in Ghana, which manages a technology park.

Victims Still Available

Greed and the desire to make quick money have been given as major reasons why people fall into these scams, but gullibility and loneliness have also been advanced as reasons why people continue to pay attention to scammers.

"Lonely people are more vulnerable to cyberscams, and they seek to fill the emotional void in their lives with relationships established in cyberspace. Secondly, the more naïve, the less educated and less exposed a person is to different people, a variety of life experiences, the more susceptible he or she becomes to scams of any form," Owusu said.

Although the scams are common in Africa, according to a 2009 report from the Internet Crime Complaint Center, cybercrimes originating from African countries made up only 10 percent of the reported number of victim complaints, with the U.S. and U.K. comprising more than 75 percent of the total.

There are several Web sites that help people understand how to avoid the 419 scam, which has probably led to criminals moving to mobile-phone technology. SMS promotions by big companies have led to schemes where scammers impersonate company officials and send SMSes to potential victims, saying they have won promotions and saying they should send money via mobile services to process the winnings. However, many governments in Africa have empowered law enforcement agencies to work with mobile-phone companies to battle these new scams.